mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 15:27:47 +00:00
Fix dereference of potentially freed pointer in qemudDomainSaveFlags
The pointer to the xml describing the domain is saved into an object prior to calling VIR_REALLOC_N() to make the size of the memory it points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that operation needs to allocate new memory, the pointer that was saved is no longer valid. To avoid this situation, adjust the size *before* saving the pointer. (This showed up when experimenting with very large values of QEMU_MONITOR_MIGRATE_TO_FILE_BS).
parent
b1eb7f2e98
commit
1d45e1b622
@ -4959,12 +4959,6 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
|
|||||||
is_reg = S_ISREG(sb.st_mode);
|
is_reg = S_ISREG(sb.st_mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Setup hook data needed by virFileOperation hook function */
|
|
||||||
hdata.dom = dom;
|
|
||||||
hdata.path = path;
|
|
||||||
hdata.xml = xml;
|
|
||||||
hdata.header = &header;
|
|
||||||
offset = sizeof(header) + header.xml_len;
|
offset = sizeof(header) + header.xml_len;
|
||||||
|
|
||||||
/* Due to way we append QEMU state on our header with dd,
|
/* Due to way we append QEMU state on our header with dd,
|
||||||
@ -4985,6 +4979,12 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
|
|||||||
header.xml_len += pad;
|
header.xml_len += pad;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Setup hook data needed by virFileOperation hook function */
|
||||||
|
hdata.dom = dom;
|
||||||
|
hdata.path = path;
|
||||||
|
hdata.xml = xml;
|
||||||
|
hdata.header = &header;
|
||||||
|
|
||||||
/* Write header to file, followed by XML */
|
/* Write header to file, followed by XML */
|
||||||
|
|
||||||
/* First try creating the file as root */
|
/* First try creating the file as root */
|
||||||
|
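Review bot: The relocated `hdata.xml = xml;` is only correct if it runs after the padding code that ends at `header.xml_len += pad;`, but the comment that moved with it (`/* Setup hook data needed by virFileOperation hook function */`) does not mention that ordering. According to the commit message, VIR_REALLOC_N() may move the buffer, so any alias of `xml` captured before it is left dangling; the reallocation itself sits between the two hunks and is not visible here. I would extend the comment to something like `/* Must follow the xml padding above: VIR_REALLOC_N() may move the buffer and hdata.xml aliases xml */` so that a later reshuffle does not reintroduce the use-after-free. The function body starts and ends outside the hunks shown, so it is worth confirming that no other copy of `xml` is taken before the reallocation.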